Search criteria
12 vulnerabilities found for filevista by gleamtech
FKIE_CVE-2024-57248
Vulnerability from fkie_nvd - Published: 2025-02-07 16:15 - Updated: 2025-09-15 18:06
Severity ?
Summary
Directory Traversal in File Upload in Gleamtech FileVista 9.2.0.0 allows remote attackers to achieve Code Execution, Information Disclosure, and Escalation of Privileges via injecting malicious payloads in HTTP requests to manipulate file paths, bypass access controls, and upload malicious files.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://packetstorm.news/files/id/189021 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.gleamtech.com/filevista | Product |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gleamtech:filevista:9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D8D553A7-0E37-4600-A567-3E34CC6103A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal in File Upload in Gleamtech FileVista 9.2.0.0 allows remote attackers to achieve Code Execution, Information Disclosure, and Escalation of Privileges via injecting malicious payloads in HTTP requests to manipulate file paths, bypass access controls, and upload malicious files."
},
{
"lang": "es",
"value": "Directory Traversal durante la carga de archivos en Gleamtech FileVista 9.2.0.0 permite a atacantes remotos lograr la ejecuci\u00f3n de c\u00f3digo, la divulgaci\u00f3n de informaci\u00f3n y la escalada de privilegios mediante la inyecci\u00f3n de payloads en solicitudes HTTP para manipular rutas de archivos, eludir controles de acceso y cargar archivos maliciosos."
}
],
"id": "CVE-2024-57248",
"lastModified": "2025-09-15T18:06:08.780",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-02-07T16:15:38.043",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://packetstorm.news/files/id/189021"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.gleamtech.com/filevista"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-57249
Vulnerability from fkie_nvd - Published: 2025-02-07 16:15 - Updated: 2025-09-15 18:02
Severity ?
Summary
Incorrect Access Control in the Preview Function of Gleamtech FileVista 9.2.0.0 allows remote attackers to gain unauthorized access via exploiting a vulnerability in access control mechanisms by removing authentication-related HTTP headers, such as the Cookie header, in the request. This bypasses the authentication process and grants attackers access to sensitive image files without proper login credentials.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://packetstorm.news/files/id/189019 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.gleamtech.com/filevista | Product |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gleamtech:filevista:9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D8D553A7-0E37-4600-A567-3E34CC6103A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Access Control in the Preview Function of Gleamtech FileVista 9.2.0.0 allows remote attackers to gain unauthorized access via exploiting a vulnerability in access control mechanisms by removing authentication-related HTTP headers, such as the Cookie header, in the request. This bypasses the authentication process and grants attackers access to sensitive image files without proper login credentials."
},
{
"lang": "es",
"value": "Un control de acceso incorrecto en la funci\u00f3n de vista previa de Gleamtech FileVista 9.2.0.0 permite a atacantes remotos obtener acceso no autorizado mediante la explotaci\u00f3n de una vulnerabilidad en los mecanismos de control de acceso eliminando los encabezados HTTP relacionados con la autenticaci\u00f3n, como el encabezado Cookie, en la solicitud. Esto evita el proceso de autenticaci\u00f3n y otorga a los atacantes acceso a archivos de im\u00e1genes confidenciales sin las credenciales de inicio de sesi\u00f3n adecuadas."
}
],
"id": "CVE-2024-57249",
"lastModified": "2025-09-15T18:02:51.267",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-02-07T16:15:38.180",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://packetstorm.news/files/id/189019"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.gleamtech.com/filevista"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2014-8789
Vulnerability from fkie_nvd - Published: 2014-12-02 16:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
GleamTech FileVista before 6.1 allows remote authenticated users to create arbitrary files and possibly execute arbitrary code via a crafted path in a zip archive, which is not properly handled during extraction.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gleamtech:filevista:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5548B881-642B-4DC2-A926-5075B56CEB11",
"versionEndIncluding": "6.0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GleamTech FileVista before 6.1 allows remote authenticated users to create arbitrary files and possibly execute arbitrary code via a crafted path in a zip archive, which is not properly handled during extraction."
},
{
"lang": "es",
"value": "GleamTech FileVista anterior a 6.1 permite a usuarios remotos autenticados crear ficheros arbitrarios y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una ruta manipulada en un archivo zip, lo que no se maneja correctamente durante la extracci\u00f3n."
}
],
"id": "CVE-2014-8789",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-02T16:59:03.557",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/129304/FileVista-Path-Leakage-Path-Write-Modification.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2014/Nov/87"
},
{
"source": "cve@mitre.org",
"url": "http://support.gleamtech.com/kb/a10/version-history-of-filevista.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/129304/FileVista-Path-Leakage-Path-Write-Modification.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2014/Nov/87"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.gleamtech.com/kb/a10/version-history-of-filevista.aspx"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-8788
Vulnerability from fkie_nvd - Published: 2014-12-02 16:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
GleamTech FileVista before 6.1 allows remote authenticated users to obtain sensitive information via a crafted path when saving a zip file, which reveals the installation path in an error message.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gleamtech:filevista:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5548B881-642B-4DC2-A926-5075B56CEB11",
"versionEndIncluding": "6.0.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gleamtech:filevista:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4FD87E0C-D063-40E6-897C-00C8746C2E98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gleamtech:filevista:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E19A5390-16A2-453E-9E73-6854CAAFBB00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gleamtech:filevista:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CB3C44C9-9C90-4AC7-9F56-111EFAE56461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gleamtech:filevista:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7C9E3DE5-B522-435D-A25C-39DB0B5CF101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gleamtech:filevista:6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1CA1CA40-F5C1-4E67-BD0C-0537474659D2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GleamTech FileVista before 6.1 allows remote authenticated users to obtain sensitive information via a crafted path when saving a zip file, which reveals the installation path in an error message."
},
{
"lang": "es",
"value": "GleamTech FileVista anterior a 6.1 permite a usuarios remotos autenticados obtener informaci\u00f3n sensible a trav\u00e9s de una ruta manipulada cuando guarda un fichero zip, lo que revela la ruta de instalaci\u00f3n en un mensaje de error."
}
],
"id": "CVE-2014-8788",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-02T16:59:02.510",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/129304/FileVista-Path-Leakage-Path-Write-Modification.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2014/Nov/87"
},
{
"source": "cve@mitre.org",
"url": "http://support.gleamtech.com/kb/a10/version-history-of-filevista.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/129304/FileVista-Path-Leakage-Path-Write-Modification.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2014/Nov/87"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.gleamtech.com/kb/a10/version-history-of-filevista.aspx"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-57248 (GCVE-0-2024-57248)
Vulnerability from cvelistv5 – Published: 2025-02-07 00:00 – Updated: 2025-02-11 15:22
VLAI?
Summary
Directory Traversal in File Upload in Gleamtech FileVista 9.2.0.0 allows remote attackers to achieve Code Execution, Information Disclosure, and Escalation of Privileges via injecting malicious payloads in HTTP requests to manipulate file paths, bypass access controls, and upload malicious files.
Severity ?
6.3 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-57248",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T15:21:41.910006Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T15:22:10.534Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal in File Upload in Gleamtech FileVista 9.2.0.0 allows remote attackers to achieve Code Execution, Information Disclosure, and Escalation of Privileges via injecting malicious payloads in HTTP requests to manipulate file paths, bypass access controls, and upload malicious files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T15:26:05.996Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.gleamtech.com/filevista"
},
{
"url": "https://packetstorm.news/files/id/189021"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-57248",
"datePublished": "2025-02-07T00:00:00.000Z",
"dateReserved": "2025-01-09T00:00:00.000Z",
"dateUpdated": "2025-02-11T15:22:10.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-57249 (GCVE-0-2024-57249)
Vulnerability from cvelistv5 – Published: 2025-02-07 00:00 – Updated: 2025-02-11 15:21
VLAI?
Summary
Incorrect Access Control in the Preview Function of Gleamtech FileVista 9.2.0.0 allows remote attackers to gain unauthorized access via exploiting a vulnerability in access control mechanisms by removing authentication-related HTTP headers, such as the Cookie header, in the request. This bypasses the authentication process and grants attackers access to sensitive image files without proper login credentials.
Severity ?
6.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-57249",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T15:20:36.307232Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T15:21:05.499Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Access Control in the Preview Function of Gleamtech FileVista 9.2.0.0 allows remote attackers to gain unauthorized access via exploiting a vulnerability in access control mechanisms by removing authentication-related HTTP headers, such as the Cookie header, in the request. This bypasses the authentication process and grants attackers access to sensitive image files without proper login credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T15:12:09.936Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.gleamtech.com/filevista"
},
{
"url": "https://packetstorm.news/files/id/189019"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-57249",
"datePublished": "2025-02-07T00:00:00.000Z",
"dateReserved": "2025-01-09T00:00:00.000Z",
"dateUpdated": "2025-02-11T15:21:05.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8788 (GCVE-0-2014-8788)
Vulnerability from cvelistv5 – Published: 2014-12-02 16:00 – Updated: 2024-08-06 13:26
VLAI?
Summary
GleamTech FileVista before 6.1 allows remote authenticated users to obtain sensitive information via a crafted path when saving a zip file, which reveals the installation path in an error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:26:02.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20141127 FileVista \u003c v6.0.8.0 Insecure zip file handling",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/87"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.gleamtech.com/kb/a10/version-history-of-filevista.aspx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129304/FileVista-Path-Leakage-Path-Write-Modification.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GleamTech FileVista before 6.1 allows remote authenticated users to obtain sensitive information via a crafted path when saving a zip file, which reveals the installation path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-02T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20141127 FileVista \u003c v6.0.8.0 Insecure zip file handling",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/87"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.gleamtech.com/kb/a10/version-history-of-filevista.aspx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129304/FileVista-Path-Leakage-Path-Write-Modification.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GleamTech FileVista before 6.1 allows remote authenticated users to obtain sensitive information via a crafted path when saving a zip file, which reveals the installation path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141127 FileVista \u003c v6.0.8.0 Insecure zip file handling",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/87"
},
{
"name": "http://support.gleamtech.com/kb/a10/version-history-of-filevista.aspx",
"refsource": "CONFIRM",
"url": "http://support.gleamtech.com/kb/a10/version-history-of-filevista.aspx"
},
{
"name": "http://packetstormsecurity.com/files/129304/FileVista-Path-Leakage-Path-Write-Modification.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129304/FileVista-Path-Leakage-Path-Write-Modification.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8788",
"datePublished": "2014-12-02T16:00:00",
"dateReserved": "2014-11-13T00:00:00",
"dateUpdated": "2024-08-06T13:26:02.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8789 (GCVE-0-2014-8789)
Vulnerability from cvelistv5 – Published: 2014-12-02 16:00 – Updated: 2024-08-06 13:26
VLAI?
Summary
GleamTech FileVista before 6.1 allows remote authenticated users to create arbitrary files and possibly execute arbitrary code via a crafted path in a zip archive, which is not properly handled during extraction.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:26:02.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20141127 FileVista \u003c v6.0.8.0 Insecure zip file handling",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/87"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.gleamtech.com/kb/a10/version-history-of-filevista.aspx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129304/FileVista-Path-Leakage-Path-Write-Modification.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GleamTech FileVista before 6.1 allows remote authenticated users to create arbitrary files and possibly execute arbitrary code via a crafted path in a zip archive, which is not properly handled during extraction."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-02T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20141127 FileVista \u003c v6.0.8.0 Insecure zip file handling",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/87"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.gleamtech.com/kb/a10/version-history-of-filevista.aspx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129304/FileVista-Path-Leakage-Path-Write-Modification.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GleamTech FileVista before 6.1 allows remote authenticated users to create arbitrary files and possibly execute arbitrary code via a crafted path in a zip archive, which is not properly handled during extraction."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141127 FileVista \u003c v6.0.8.0 Insecure zip file handling",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/87"
},
{
"name": "http://support.gleamtech.com/kb/a10/version-history-of-filevista.aspx",
"refsource": "CONFIRM",
"url": "http://support.gleamtech.com/kb/a10/version-history-of-filevista.aspx"
},
{
"name": "http://packetstormsecurity.com/files/129304/FileVista-Path-Leakage-Path-Write-Modification.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129304/FileVista-Path-Leakage-Path-Write-Modification.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8789",
"datePublished": "2014-12-02T16:00:00",
"dateReserved": "2014-11-13T00:00:00",
"dateUpdated": "2024-08-06T13:26:02.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-57248 (GCVE-0-2024-57248)
Vulnerability from nvd – Published: 2025-02-07 00:00 – Updated: 2025-02-11 15:22
VLAI?
Summary
Directory Traversal in File Upload in Gleamtech FileVista 9.2.0.0 allows remote attackers to achieve Code Execution, Information Disclosure, and Escalation of Privileges via injecting malicious payloads in HTTP requests to manipulate file paths, bypass access controls, and upload malicious files.
Severity ?
6.3 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-57248",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T15:21:41.910006Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T15:22:10.534Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal in File Upload in Gleamtech FileVista 9.2.0.0 allows remote attackers to achieve Code Execution, Information Disclosure, and Escalation of Privileges via injecting malicious payloads in HTTP requests to manipulate file paths, bypass access controls, and upload malicious files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T15:26:05.996Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.gleamtech.com/filevista"
},
{
"url": "https://packetstorm.news/files/id/189021"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-57248",
"datePublished": "2025-02-07T00:00:00.000Z",
"dateReserved": "2025-01-09T00:00:00.000Z",
"dateUpdated": "2025-02-11T15:22:10.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-57249 (GCVE-0-2024-57249)
Vulnerability from nvd – Published: 2025-02-07 00:00 – Updated: 2025-02-11 15:21
VLAI?
Summary
Incorrect Access Control in the Preview Function of Gleamtech FileVista 9.2.0.0 allows remote attackers to gain unauthorized access via exploiting a vulnerability in access control mechanisms by removing authentication-related HTTP headers, such as the Cookie header, in the request. This bypasses the authentication process and grants attackers access to sensitive image files without proper login credentials.
Severity ?
6.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-57249",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T15:20:36.307232Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T15:21:05.499Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Access Control in the Preview Function of Gleamtech FileVista 9.2.0.0 allows remote attackers to gain unauthorized access via exploiting a vulnerability in access control mechanisms by removing authentication-related HTTP headers, such as the Cookie header, in the request. This bypasses the authentication process and grants attackers access to sensitive image files without proper login credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T15:12:09.936Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.gleamtech.com/filevista"
},
{
"url": "https://packetstorm.news/files/id/189019"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-57249",
"datePublished": "2025-02-07T00:00:00.000Z",
"dateReserved": "2025-01-09T00:00:00.000Z",
"dateUpdated": "2025-02-11T15:21:05.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8788 (GCVE-0-2014-8788)
Vulnerability from nvd – Published: 2014-12-02 16:00 – Updated: 2024-08-06 13:26
VLAI?
Summary
GleamTech FileVista before 6.1 allows remote authenticated users to obtain sensitive information via a crafted path when saving a zip file, which reveals the installation path in an error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:26:02.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20141127 FileVista \u003c v6.0.8.0 Insecure zip file handling",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/87"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.gleamtech.com/kb/a10/version-history-of-filevista.aspx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129304/FileVista-Path-Leakage-Path-Write-Modification.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GleamTech FileVista before 6.1 allows remote authenticated users to obtain sensitive information via a crafted path when saving a zip file, which reveals the installation path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-02T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20141127 FileVista \u003c v6.0.8.0 Insecure zip file handling",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/87"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.gleamtech.com/kb/a10/version-history-of-filevista.aspx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129304/FileVista-Path-Leakage-Path-Write-Modification.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GleamTech FileVista before 6.1 allows remote authenticated users to obtain sensitive information via a crafted path when saving a zip file, which reveals the installation path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141127 FileVista \u003c v6.0.8.0 Insecure zip file handling",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/87"
},
{
"name": "http://support.gleamtech.com/kb/a10/version-history-of-filevista.aspx",
"refsource": "CONFIRM",
"url": "http://support.gleamtech.com/kb/a10/version-history-of-filevista.aspx"
},
{
"name": "http://packetstormsecurity.com/files/129304/FileVista-Path-Leakage-Path-Write-Modification.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129304/FileVista-Path-Leakage-Path-Write-Modification.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8788",
"datePublished": "2014-12-02T16:00:00",
"dateReserved": "2014-11-13T00:00:00",
"dateUpdated": "2024-08-06T13:26:02.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8789 (GCVE-0-2014-8789)
Vulnerability from nvd – Published: 2014-12-02 16:00 – Updated: 2024-08-06 13:26
VLAI?
Summary
GleamTech FileVista before 6.1 allows remote authenticated users to create arbitrary files and possibly execute arbitrary code via a crafted path in a zip archive, which is not properly handled during extraction.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:26:02.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20141127 FileVista \u003c v6.0.8.0 Insecure zip file handling",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/87"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.gleamtech.com/kb/a10/version-history-of-filevista.aspx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129304/FileVista-Path-Leakage-Path-Write-Modification.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GleamTech FileVista before 6.1 allows remote authenticated users to create arbitrary files and possibly execute arbitrary code via a crafted path in a zip archive, which is not properly handled during extraction."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-02T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20141127 FileVista \u003c v6.0.8.0 Insecure zip file handling",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/87"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.gleamtech.com/kb/a10/version-history-of-filevista.aspx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129304/FileVista-Path-Leakage-Path-Write-Modification.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GleamTech FileVista before 6.1 allows remote authenticated users to create arbitrary files and possibly execute arbitrary code via a crafted path in a zip archive, which is not properly handled during extraction."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141127 FileVista \u003c v6.0.8.0 Insecure zip file handling",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/87"
},
{
"name": "http://support.gleamtech.com/kb/a10/version-history-of-filevista.aspx",
"refsource": "CONFIRM",
"url": "http://support.gleamtech.com/kb/a10/version-history-of-filevista.aspx"
},
{
"name": "http://packetstormsecurity.com/files/129304/FileVista-Path-Leakage-Path-Write-Modification.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129304/FileVista-Path-Leakage-Path-Write-Modification.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8789",
"datePublished": "2014-12-02T16:00:00",
"dateReserved": "2014-11-13T00:00:00",
"dateUpdated": "2024-08-06T13:26:02.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}